Software supply chain security provider Tidelift is being acquired by Sonar, a code quality specialist.
Tariq Shaukat, chief executive at Sonar, said the acquisition is based on a “common vision” to “improve code everywhere and supercharge the developer experience”.
“We have been impressed with Tidelift’s approach to improving open source software,” Shaukat added. “Tidelift provides insight into many factors that could adversely impact applications relying on open source.”
Accordingly, developers could act more swiftly to remediate issues as they emerge. The deal will enable Sonar to address issues in the open source code that applications depend on, in addition to the first-party and AI-generated code it already analyses.
Code quality and supply chain security in focus
The acquisition will extend Sonar's scope of coverage to include open source libraries, in addition to code written by developers and by AI. Some 90% of software is built with open source components, according to Sonar.
Tidelift is an organisation that helps maintainers of open source projects follow secure software development practices by partnering with them and paying them to do so.
Donald Fischer, chief executive and co-founder of Tidelift, said that combining with Sonar’s capabilities would deliver a “complete solution” for managing code quality and security.
Tidelift's customers include Cisco, Fannie Mae, and the US Air Force.
“Against a backdrop of high-profile security issues impacting open source, like the Log4Shell and XZ Utils vulnerabilities, technology leaders must ensure enterprise-grade quality and security standards,” Fischer said.
Sonar offers a clean-code methodology for ensuring code quality. “Bad code” remains a “trillion dollar” challenge for organisations, it noted.